A few weeks ago NIST announced the BGP Secure Router Extension (BGP-SRx) Prototype, which basically makes it possible to use Quagga with RPKI
and origin validation. So, after playing with the RPKI implementations from Cisco and Juniper, we decided to take a look at it.

    router bgp 1
     bgp router-id 192.168.56.103
     network 10.0.1.0/24
     neighbor 192.168.56.104 remote-as 20
    !SRx Configuration Settings
     srx display
     srx connect 127.0.0.1 17900
     srx evaluation roa_only
     srx keep-window 900

    bgpd# sh ip bgp
    BGP table version is 0, local router ID is 192.168.56.103
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, R Removed
    Validation:   v - valid, u - unknown, i - invalid, ? - undefined
    SRx Status:   I - route ignored, D - SRx evaluation deactivated
    SRxVal Format: validation result (origin validation, path validation)
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Ident    SRxVal SRxLP Status Network          Next Hop        Metric LocPrf Weight Path
    *> B2E8F5E6 v(v,-)              10.0.0.0/16      192.168.56.104       0             0 20 i
    *> 093057FE i(i,-)              10.0.0.0/24      192.168.56.104       0             0 20 i
    *  -------- ?(?,-)        I     10.0.1.0/24      0.0.0.0              0         32768 i
    *> D58A50E7 u(u,-)              10.10.0.0/16     192.168.56.104       0             0 20 i

    bgpd# sh ip bgp 10.0.0.0/16
    BGP routing table entry for 10.0.0.0/16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      20
        SRx Information:
          Update ID: 0xB2E8F5E6
          Validation:
            prefix-origin: valid
            path processing disabled!
        192.168.56.104 from 192.168.56.104 (192.168.56.104)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Last update: Wed Dec 31 22:38:17 1969
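
An added example (not from the original post and not BGP-SRx code): a minimal RFC 6811 prefix-origin check that reproduces the v/i/u results for the three routes learned from AS 20 in the table above. The ROA it uses (10.0.0.0/16, maxLength 16, AS 20) is an assumption, since the post does not show the ROA data the SRx server was working with.

```python
import ipaddress

# Constructed ROA set (assumption): the post does not show the ROAs loaded
# into the SRx server. A single ROA authorising AS 20 for 10.0.0.0/16 with
# maxLength 16 is consistent with the three results in the table above.
ROAS = [("10.0.0.0/16", 16, 20)]  # (prefix, maxLength, origin AS)


def validate_origin(prefix, origin_as, roas=ROAS):
    """RFC 6811 prefix-origin validation: 'valid', 'invalid' or 'unknown'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route when the route is equal to, or more
        # specific than, the ROA prefix (same address family only).
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: same origin AS and route length within maxLength.
        # A ROA for AS 0 covers routes but never matches any of them.
        if roa_as != 0 and roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    # Covered by no ROA at all: unknown (RFC 6811 "NotFound").
    return "invalid" if covered else "unknown"


def srx_code(state):
    """Map a validation state to the letter shown in the SRxVal column."""
    return {"valid": "v", "invalid": "i", "unknown": "u"}[state]


if __name__ == "__main__":
    # The three prefixes received from neighbor 192.168.56.104 (path "20 i").
    for prefix in ("10.0.0.0/16", "10.0.0.0/24", "10.10.0.0/16"):
        state = validate_origin(prefix, 20)
        print(f"{srx_code(state)}  {prefix:<14} origin AS 20 -> {state}")
```

The /24 comes out invalid because it is covered by the ROA but is longer than maxLength, which is the case that catches more-specific announcements of an otherwise authorised prefix.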